Overview

overview

10

Static

static

8

7a18fe0aea...ef.doc

windows7-x64

10

7a18fe0aea...ef.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a18fe0aea0584eb447028be2e1415a7e269a77bf46b589d27ca2b83a2ef48ef

  • Size

    181KB

  • Sample

    241120-gg54vsshrk

  • MD5

    f5f319b1de24e14da087f06058bc3627

  • SHA1

    0084b76f4cf72bd0c05fa05aa301d95f395bc57e

  • SHA256

    7a18fe0aea0584eb447028be2e1415a7e269a77bf46b589d27ca2b83a2ef48ef

  • SHA512

    39dfaaa12d70f5890a4347df437d251880fe26bcece3968eb98d0eef90d702997301f28930daa4abf697961806486a4a2571ae20c24678739a2bce2ad3bae7c3

  • SSDEEP

    3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP73:9NO2k4PF7tGiL3HJk9rD7bdasiv86j

Score
10/10
discoveryexecutionmacro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://diwafashions.com/wp-admin/mqau6/
exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/
exe.dropper

http://diaspotv.info/wordpress/G/
exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

    • Target

      7a18fe0aea0584eb447028be2e1415a7e269a77bf46b589d27ca2b83a2ef48ef

    • Size

      181KB

    • MD5

      f5f319b1de24e14da087f06058bc3627

    • SHA1

      0084b76f4cf72bd0c05fa05aa301d95f395bc57e

    • SHA256

      7a18fe0aea0584eb447028be2e1415a7e269a77bf46b589d27ca2b83a2ef48ef

    • SHA512

      39dfaaa12d70f5890a4347df437d251880fe26bcece3968eb98d0eef90d702997301f28930daa4abf697961806486a4a2571ae20c24678739a2bce2ad3bae7c3

    • SSDEEP

      3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP73:9NO2k4PF7tGiL3HJk9rD7bdasiv86j

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks